CN102263637B - Information encryption method and equipment thereof - Google Patents

Publication number
CN102263637B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201010185754.0A
Other languages
Chinese (zh)
Other versions
CN102263637A (en)
Inventor
陈勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Abstract

The invention relates to the information safety technology field and discloses an information encryption method and equipment thereof. The method comprises the following steps: receiving plaintext information by a receiving end; encrypting the plaintext information; storing the encrypted information to the receiving end. By using the invention, safety of personal information can be guaranteed.

Description

Information encryption method and equipment
Technical field
The present invention relates to the field of information security technology, and more particularly to an information encryption method and equipment.
Background
The most important function of networks and the Internet is information transmission. Email, for example, is the most widespread and most important application on networks, especially the Internet; instant messaging such as MSN and QQ is similar. In email and other similar information transmission fields, information security has always been the main concern.
At present, with the development of the Internet, Webmail has become mainstream: email is kept on the mail server, and the user sends, receives and reads it with a browser. Especially after Google launched Gmail with 1 GB of capacity, other mail service providers have competed to launch large-capacity mail servers. In the prior art, mail servers mostly protect the security of user mail with a user name and password, which leaves several information security problems:
1) If the user's password is leaked, the private information in the user's mail is leaked;
2) The administrator of the mail server can read everyone's mail;
3) On the path over which the user sends and receives mail, the mail content and the user name and password can be eavesdropped.
Because Webmail keeps all of a user's mail on the server, once the password is leaked, the mail server is compromised, or a mail administrator acts unethically, all of the user's mail is disclosed.
In current Internet applications, the overwhelming majority of email is still transmitted in plaintext. In recent years, to secure transmission, some email service providers have offered channel encryption so that information cannot be eavesdropped on the channel. Channel encryption encrypts the transmission channel, for example between the mail client and the mail server, and prevents eavesdropping on the intermediate path at switches, routers, firewalls or even the network cable. With channel encryption the path is secure: anything intercepted is ciphertext that cannot be deciphered. However, channel encryption only secures one segment of the transmission between sender and recipient. For example, A connects to A's mail server over an encrypted channel, so nobody can eavesdrop on that segment; but the message is stored on A's mail server in plaintext, is then transferred over an unencrypted channel to B's mail server, and is stored on B's mail server in plaintext. In this process the administrators of A's and B's mail servers may see the mail content, and the transmission between the two mail servers can be eavesdropped. In practice, therefore, this kind of channel encryption only protects the user's password from eavesdropping and gives essentially no protection to the transmitted information.
This problem was not prominent in the early days of the Internet. But as Webmail, represented by Gmail, has grown, cloud storage has increasingly become the accepted back end of Internet services, and password-stealing Trojans have multiplied, protecting network information with a password alone has become a huge security risk: once the password is leaked (for example stolen by a Trojan), the server is compromised, or a server administrator acts unethically, all of the user's information is leaked.
Summary of the invention
To address the above problems in the prior art, embodiments of the present invention provide an information encryption method and equipment to ensure the security of personal information.
To this end, embodiments of the present invention provide the following technical solutions:
An information encryption method, comprising:
A receiving end receives plaintext information;
The plaintext information is encrypted;
The encrypted information is saved at the receiving end.
Preferably, encrypting the plaintext information comprises: encrypting the plaintext information using a symmetric key mechanism.
Preferably, the method further comprises:
The receiving end uses the public key of the information recipient to encrypt, with an asymmetric key mechanism, the symmetric key used in the symmetric key mechanism, and saves the encrypted symmetric key at the receiving end, so that the information recipient decrypts the encrypted symmetric key with the private key that the recipient keeps, obtains the symmetric key, and decrypts the encrypted information with the symmetric key; or
The receiving end sends the symmetric key to the information recipient over an encrypted channel, so that the information recipient decrypts the encrypted information with the symmetric key.
Optionally, the receiving end is a mail server and the information is mail;
The method further comprises:
Before the plaintext information is encrypted, judging whether the addressee of the mail is a user of this mail server; if so, performing the operation of encrypting the plaintext information; if not, sending the plaintext information to the addressee's mail server;
Saving the encrypted information at the receiving end comprises: saving the encrypted mail in the recipient's mailbox on the mail server.
Optionally, the receiving end is an instant messaging server and the information is instant messaging information;
The method further comprises:
Before the plaintext information is encrypted, judging whether the instant messaging information needs to be saved on the storage server associated with the instant messaging server; if so, performing the step of encrypting the plaintext information;
Saving the encrypted information at the receiving end comprises: saving the encrypted instant messaging information in the chat record, on the instant messaging server, of the corresponding recipient or sender.
Optionally, the receiving end is a network storage server and the information is information that the user needs to save in network storage space.
An information encryption equipment, comprising:
A receiving unit, configured to receive plaintext information;
An encryption unit, configured to encrypt the plaintext information;
A storage unit, configured to save the encrypted information at the receiving end.
Preferably, the encryption unit is specifically configured to encrypt the plaintext information using a symmetric key mechanism.
Preferably, the equipment further comprises:
A key encryption unit, configured to use the public key of the information recipient to encrypt, with an asymmetric key mechanism, the symmetric key used in the symmetric key mechanism, and to save the encrypted symmetric key at the receiving end, so that the information recipient decrypts the encrypted symmetric key with the private key that the recipient keeps, obtains the symmetric key, and decrypts the encrypted information with the symmetric key; or
A symmetric key sending unit, configured to send the symmetric key to the information recipient over an encrypted channel, so that the information recipient decrypts the encrypted information with the symmetric key.
Optionally, the equipment is a mail server and the information is mail;
The equipment further comprises:
An information sending unit, configured to send the plaintext information to the addressee's mail server;
A first judging unit, configured to judge, before the encryption unit encrypts the plaintext information, whether the addressee of the mail is a user of this mail server; if so, to notify the encryption unit to perform the operation of encrypting the plaintext information; if not, to notify the information sending unit to perform the operation of sending the plaintext information to the addressee's mail server;
The storage unit is specifically configured to save the encrypted mail in the recipient's mailbox on the mail server.
Optionally, the equipment is an instant messaging server and the information is instant messaging information;
The equipment further comprises:
A second judging unit, configured to judge, before the plaintext information is encrypted, whether the instant messaging information needs to be saved on the instant messaging server; if so, to notify the encryption unit to perform the operation of encrypting the plaintext information;
The storage unit is specifically configured to save the encrypted instant messaging information in the chat record, on the instant messaging server, of the corresponding recipient or sender.
Optionally, the equipment is a network storage server and the information is information that the user needs to save in network storage space.
The information encryption method and equipment of the embodiments of the present invention differ from the traditional approach of encrypting at the sending end during information transmission: the receiving end receives the plaintext information, encrypts it at the receiving end, and saves the encrypted information at the receiving end, so that the encrypted information saved on the receiving equipment can only be decrypted by the information recipient and other legitimate readers of the information, which fully ensures the security of the recipient's information. The method and equipment are simple to implement, avoid the two-sidedness problem of the traditional encryption approach, and are easy to promote, while ensuring the security of private user information that services such as Webmail need to keep on a network server.
Brief description of the drawings
Fig. 1 is a flow chart of the information encryption method of an embodiment of the present invention;
Fig. 2 is a flow chart of the application of the information encryption method of an embodiment of the present invention in a mail system;
Fig. 3 is a flow chart of the application of the information encryption method of an embodiment of the present invention in an instant messaging system;
Fig. 4 is a structural diagram of the information encryption equipment of an embodiment of the present invention;
Fig. 5 is another structural diagram of the information encryption equipment of an embodiment of the present invention;
Fig. 6 is another structural diagram of the information encryption equipment of an embodiment of the present invention.
Detailed description of the embodiments
The information encryption method and equipment of the embodiments of the present invention address the security risk in the prior art that information is transmitted in plaintext and stored in plaintext on the receiving server. They also take into account that using an asymmetric cryptosystem to transmit the key and a symmetric cryptosystem to encrypt at the source can in theory guarantee the security of information, but that in practice most Internet users do not currently encrypt information this way. The obstacle to adoption is the two-sided nature of encryption: for example, if A is to send encrypted information to B, then B must have an asymmetric key pair and software that supports the cryptosystem, that is, the conditions for encryption and decryption; and if B is to send a reply to A, A must also have these conditions. For convenience, this problem is referred to below as the "two-sidedness problem of encryption". Precisely because of this problem, the source encryption method described above has been refined for many years but is used by few people, and the overwhelming majority of email is still transmitted in plaintext.
To this end, in order to ensure the security of information, in the information encryption method and equipment of the embodiments of the present invention the recipient's server encrypts the confidential plaintext information that it receives and that needs to be stored on or transmitted through a server, so that the information can only be decrypted and read by the information recipient and other legitimate readers of the information, ensuring the security of the recipient's information.
Fig. 1 shows the flow chart of the information encryption method of an embodiment of the present invention, which comprises the following steps:
Step 101: the receiving end receives plaintext information.
Step 102: the plaintext information is encrypted.
Specifically, the plaintext information can be encrypted in a way that only the information recipient can decrypt. Many encryption methods are possible. For example, the plaintext information can be encrypted with a symmetric key mechanism, in which the key used for decryption is the same as the key used for encryption; for convenience, this key is called the symmetric key in the description that follows. For example, a random number can be used as the symmetric key to symmetrically encrypt the plaintext, producing ciphertext 1.
In the embodiments of the present invention, the receiving end encrypts the plaintext information with the symmetric key and also needs to send the symmetric key to the information recipient.
Alternatively, the recipient and the receiving end can agree on a symmetric key.
If the symmetric key is stolen while it is being delivered, the information may be leaked. Therefore, so that the information recipient can obtain the symmetric key securely, the embodiments of the present invention can further encrypt the symmetric key with an asymmetric key mechanism. In an asymmetric key mechanism the key used for decryption differs from the key used for encryption; only the information recipient holds the decryption key, while the encryption key can be made public and obtained by anyone, so no key distribution is needed. The encryption key is therefore also called the public key, the decryption key is also called the private key, and the asymmetric key mechanism is also called the public-key mechanism. For example, information that A sends to B is encrypted with B's public key, and only B's private key can decrypt the ciphertext.
Encrypting the symmetric key with the asymmetric key mechanism yields ciphertext 2, and the receiving end can store ciphertext 1 together with ciphertext 2 at the receiving end. Ciphertext 2 and ciphertext 1 can also be transmitted and stored separately, but because in practice the key for ciphertext 1 is paired with ciphertext 2, storing them together is more convenient.
If the information recipient belongs to an enterprise that requires unified management, or there are other recipients, then ciphertext 2-1, ciphertext 2-2 and so on can be added for the enterprise's unified management key or the other addressees' keys. All of these ciphertexts can be saved together with ciphertext 1 so that the other authorized parties can read the information.
When the recipient needs to view the information, the recipient unlocks ciphertext 2 with his or her own private key to obtain the symmetric key, then unlocks ciphertext 1 with the symmetric key to obtain the plaintext information. The private key can be generated and kept by the user, that is, the recipient, and the user provides the corresponding public key to the receiving end, that is, the server, or publishes it. The private key can also be kept locally by the recipient and protected by a password. To further prevent Trojan software from stealing the private key and its password, a hardware private key (such as the USB key used for online banking) can be used: once the private key has been imported into the hardware it can no longer be read out and can only be used for decryption and electronic signature operations. During decryption, for example, ciphertext 2 is fed into the hardware, and the hardware returns the symmetric key for decrypting ciphertext 1. In this way the encrypted information can be decrypted and stolen only if the user's hardware private key and the private key password are both stolen, which gives stronger protection.
In addition, to secure the delivery of the symmetric key, the receiving end can also send the symmetric key to the information recipient over an encrypted channel, so that the information recipient decrypts the encrypted information with the symmetric key.
In the embodiments of the present invention, the way the receiving end encrypts the plaintext information is not limited to the above; other encryption methods can be used, for example encrypting the original plaintext directly with asymmetric encryption. After the plaintext is encrypted with a symmetric cryptosystem, the key can be delivered in several ways. Using an asymmetric encryption algorithm is the most common; the key can also be passed to the information recipient over an encrypted channel as above, saved in a place that only the information recipient can access, or saved encrypted under the information recipient's password. For the asymmetric encryption algorithm, besides traditional RSA, an identity-based encryption algorithm (IBS, Identity Based Security) can be used. The public key of this algorithm is a user-defined string, such as an email address, whereas the public and private keys of traditional RSA are long strings of meaningless characters, so an IBS public key is easier to publish and circulate than an RSA public key.
Step 103: the encrypted information is saved at the receiving end.
Thus, in the information encryption method of the embodiments of the present invention, the recipient's server encrypts the confidential plaintext information that it receives and that needs to be stored on or transmitted through a server, so that the information can only be decrypted and read by the information recipient and other legitimate readers of the information, which simply and effectively ensures the security of the information.
It should be noted that the information encryption method of the embodiments of the present invention can also be combined with other existing encryption methods, such as channel encryption, to provide more complete security for the transmission, sending and receiving of information.
The method of the embodiments of the present invention can be applied in many environments, which are illustrated below.
1. In a mail system
To show how sending and receiving mail with the information encryption method of the embodiments differs from the traditional approach, the traditional mail flow is briefly introduced first.
● In a traditional client/server (Client/Server, abbreviated C/S) mail system, mail is sent and received as follows:
11. The sender edits the mail in mail client 1 and sends it to mail server 1 over the SMTP protocol;
12. Mail server 1 receives the mail, finds that its recipient is a user of mail server 2, and relays the mail to mail server 2 over the SMTP protocol;
13. Mail server 2 receives the mail, finds that its recipient is a user of this server, and saves the mail in the user's mailbox on this server;
14. The addressee uses mail client 2 to access his or her mailbox over the POP3 protocol and collects the mail.
Traditional channel encryption replaces the SMTP and POP3 protocols in the above steps with the encrypted SMTPS and POP3S protocols.
Traditional source encryption means that in step 11 the sender, after editing the mail and before sending it to mail server 1, encrypts it at the source; in all later steps only encrypted information is transmitted, and in step 14 the addressee, after retrieving the mail, decrypts it to obtain the plaintext and read it.
● In a traditional Webmail mail system, mail is sent and received as follows:
21. The sender edits the mail in the Webmail user interface over the HTTP protocol; the Webmail user interface can be a stand-alone program on mail server 1 or an independent Web server;
22. Mail server 1 receives the mail, finds that its recipient is a user of mail server 2, and relays the mail to mail server 2 over the SMTP protocol;
23. Mail server 2 receives the mail, finds that its recipient is a user of this server, and saves the mail in the user's mailbox on this server;
24. The addressee accesses his or her mailbox through the Webmail user interface of mail server 2 over the HTTP protocol and reads the mail. Likewise, this Webmail user interface can be a stand-alone program on mail server 2 or an independent Web server.
Traditional channel encryption replaces the HTTP and SMTP protocols in the above steps with the encrypted HTTPS and SMTPS protocols.
Because sending and receiving mail involves two parties, sending and receiving can be independent of each other: a mail may be sent in C/S mode and read by the addressee through Webmail, or sent through Webmail and received by the addressee with a mail client.
Traditional source encryption on Webmail generally follows the pattern of the C/S mail system and is implemented in one of two ways:
(1) A plug-in is installed in the user's browser and performs encryption and decryption. Although the mail system is used in Webmail mode, encryption and decryption are still done on the client;
(2) In step 21, after the sender has edited the mail, the sender's server encrypts it and mail server 1 then sends it; after the recipient's mail server 2 receives the mail, the server decrypts it when the addressee accesses his or her mailbox to read mail in step 24. This approach fully simulates a C/S mail client with the Web.
Fig. 2 shows the application flow of the information encryption method of an embodiment of the present invention in a mail system.
In this embodiment the receiving end is a mail server and the information is mail. The flow comprises the following steps:
Step 201: the sender edits a plaintext mail in the user interface of a client/server or Webmail mail system;
Step 202: the sender's mail server 1 receives the plaintext mail, determines that its recipient is a user of mail server 2, and relays the mail to the recipient's mail server 2 over the SMTP protocol;
Step 203: the recipient's mail server 2 receives the mail and determines that its recipient is a user of this server; if the mail is plaintext, the server encrypts it with an encryption method that only the mail recipient can decrypt, and then saves the mail in the recipient's mailbox on this server;
Step 204: the addressee logs in to his or her mailbox through a client/server or Webmail encrypted mail system, decrypts the mail and reads it.
As a special case of the above application, the addressee and the sender can be users of the same mail server, that is, mail server 1 and mail server 2 are the same server. As a further special case, the addressee and the sender can be the same person. The method of the embodiments of the present invention applies equally in these cases.
Thus, when the information encryption method of the embodiments is used in a mail system, the mail server that receives the mail encrypts the plaintext mail it receives, and to read the mail the recipient must decrypt it with a key that only the recipient holds. This ensures the security of mail such as Webmail: even the administrator of the mail server cannot decrypt the encrypted mail. Moreover, because the mail is encrypted by the server at the receiving end, the sender does not need to have the conditions required for encryption, so the two-sidedness problem of encryption becomes one-sided, which is convenient for users.
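The following Go sketch is an added example, not code from the patent: it walks through steps 101-103 and 203-204 with ciphertext 1, ciphertext 2 and the extra ciphertext 2-1 for a second authorized reader. AES-256-GCM and RSA-OAEP are assumptions chosen here (the patent names only "symmetric" and "asymmetric" mechanisms), and the type names, function names and sample addresses are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// StoredMail is all the server keeps: ciphertext 1 plus one wrapped copy of
// the symmetric key per authorised reader (ciphertext 2, 2-1, 2-2, ...).
type StoredMail struct {
	Nonce, Ciphertext1 []byte
	WrappedKeys        map[string][]byte // reader ID -> key under that reader's public key
}

// Server is a hypothetical receiving mail server; it holds public keys only.
type Server struct {
	PublicKeys map[string]*rsa.PublicKey
	Mailboxes  map[string][]StoredMail
}

func NewServer() *Server {
	return &Server{map[string]*rsa.PublicKey{}, map[string][]StoredMail{}}
}

// NewKeyPair runs on the recipient's side; only the public half goes to the server.
func NewKeyPair() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Deliver is step 203; stored=false means the addressee is not local (relay, no encryption here).
func (s *Server) Deliver(rcpt string, plaintext []byte, extraReaders ...string) (bool, error) {
	if _, local := s.PublicKeys[rcpt]; !local {
		return false, nil
	}
	buf := make([]byte, 32+12) // fresh AES-256 key and GCM nonce for every message
	if _, err := rand.Read(buf); err != nil {
		return false, err
	}
	// The nonce is copied so the stored record never shares memory with the key.
	key, nonce := buf[:32], append([]byte(nil), buf[32:]...)
	gcm, err := newGCM(key)
	if err != nil {
		return false, err
	}
	m := StoredMail{nonce, gcm.Seal(nil, nonce, plaintext, nil), map[string][]byte{}}
	for _, id := range append([]string{rcpt}, extraReaders...) {
		pub, ok := s.PublicKeys[id]
		if !ok {
			return false, fmt.Errorf("no public key on file for reader %q", id)
		}
		// Ciphertext 2 (or 2-1, 2-2): the symmetric key under this reader's public key.
		if m.WrappedKeys[id], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil {
			return false, err
		}
	}
	s.Mailboxes[rcpt] = append(s.Mailboxes[rcpt], m)
	return true, nil
}

// Open is step 204: unwrap the key with the private key, then decrypt and authenticate ciphertext 1.
func Open(m StoredMail, reader string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := m.WrappedKeys[reader]
	if !ok {
		return nil, fmt.Errorf("no wrapped key for reader %q", reader)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, m.Nonce, m.Ciphertext1, nil)
}

func main() {
	s, bob := NewServer(), NewKeyPair()
	s.PublicKeys["bob@example.test"] = &bob.PublicKey // constructed sample user
	if stored, err := s.Deliver("bob@example.test", []byte("constructed sample mail body")); stored && err == nil {
		pt, err := Open(s.Mailboxes["bob@example.test"][0], "bob@example.test", bob)
		fmt.Println(string(pt), err)
	}
}
```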
It should be noted that in practice the method can be combined with channel encryption (many Webmail providers already let users access the mail server securely over HTTPS channel encryption), so that for the addressee it can essentially reach the security level of traditional source encryption. For example, party A (the sender) accesses party A's mail server over an encrypted channel, so that channel is protected against eavesdropping; channel encryption can be used between party A's mail server and party B's mail server, so that channel is also protected against eavesdropping; once the mail enters party B's mail server it is encrypted, with the same effect as the traditional source encryption method, and party B can decrypt the mail by the source encryption method. Plaintext then exists only on party A's mail server and on party B's mail server before the mail is encrypted, which is the security gap in the whole information exchange. However, the likelihood that this gap leads to leakage of user information is very low, and in particular it cannot lead to large-scale leakage of a user's information. Party B's mail comes from different places; a leak at party A's mail server discloses only this one mail, and mail from party C or party D is not disclosed. On party B's mail server, the plaintext exists only for the moment between the mail's arrival and its encryption; unless party B's mail server maliciously intercepts all mail before encryption, large-scale information leakage cannot occur.
2. In an instant messaging system
Fig. 3 shows the application flow of the information encryption method of an embodiment of the present invention in an instant messaging system.
In this embodiment the receiving end is an instant messaging server and the information is instant messaging information. The flow comprises the following steps:
Step 301: the user chats with other people through the instant messaging system;
Step 302: whether the instant messaging system lets users transmit instant messaging information directly between themselves, lets them transmit it indirectly through the instant messaging server, or mixes the two, the chat records exchanged by the user are all delivered to the instant messaging server;
Step 303: the instant messaging server judges whether the instant messaging information needs to be saved on this server, and saves the instant messaging information for the user in a way that only this user can decrypt;
Step 304: when the user consults the chat record, the user must decrypt the information in the way that only he or she can in order to read it.
The embodiments of the present invention are not limited to encrypting and saving on the instant messaging server the plaintext information that the other party sends to the user; the plaintext information that the user sends can also be encrypted and saved.
Besides the applications above, the method of the embodiments can be applied in other situations. For example, as storage moves from personal storage to network storage, to secure the information in network storage, the user sends the private information that he or she needs to keep in network storage space to the network storage server, or other people send information intended for this user to the user's network storage space, and the network storage server saves this information for the user in a way that only this user can decrypt. When the user needs to consult the information, it must be decrypted in the way that only the user can.
The information encryption method of the embodiments can also be applied to other situations in which information needs to be stored on a network, which are not enumerated here.
A person of ordinary skill in the art will appreciate that all or some of the steps of the above method embodiments can be carried out by hardware under the instruction of a program; the program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
Correspondingly, an embodiment of the present invention also provides information encryption equipment; Figure 4 is a schematic structural diagram of this equipment.
In this embodiment, the equipment comprises:
Receiving unit 401, for receiving plaintext information;
Encryption unit 402, for encrypting the plaintext information;
Storage unit 403, for saving the encrypted information at the receiving end.
In a specific application, the encryption unit 402 may encrypt the plaintext information using a symmetric key mechanism. Structures corresponding to other cryptographic algorithms may of course also be used, for example encrypting the original plaintext directly with asymmetric encryption.
The information encryption equipment of the embodiment of the present invention encrypts received plaintext information that is confidential and needs to be stored on or transmitted by the equipment, so that the information can be decrypted and read only by the information recipient and other legitimate readers; this ensures the security of the information simply and effectively.
In practice, if the encryption unit 402 encrypts the plaintext information using a symmetric key mechanism, the symmetric key itself can be encrypted or transmitted in different ways in order to further ensure the security of the encryption key. Examples are given below.
Figure 5 is another schematic structural diagram of the information encryption equipment of the embodiment of the present invention.
In this embodiment, the information encryption equipment 500 comprises, in addition to the receiving unit 401, the encryption unit 402 and the storage unit 403:
Key encryption unit 501, for encrypting, by an asymmetric key mechanism using the information recipient's public key, the symmetric key used in the symmetric key mechanism, and saving the encrypted symmetric key information at the receiving end, so that the information recipient decrypts the encrypted symmetric key with the private key that the recipient holds, obtains the symmetric key, and decrypts the encrypted information with that symmetric key.
In this way, the security of the information encryption key can be effectively ensured.
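The key encryption unit described above (the server encrypts the message with a symmetric key on receipt, then wraps that key under the recipient's public key) looks like this in Go. This is an added example, not code from the patent; AES-256-GCM, RSA-OAEP with SHA-256, and the names `Stored`, `NewRecipientKey`, `EncryptOnReceipt` and `DecryptAsRecipient` are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Stored is all the server keeps for one message: no plaintext, no usable key.
type Stored struct{ WrappedKey, Nonce, Ciphertext []byte }

// NewRecipientKey makes a demo key pair; only the public half belongs on the server.
func NewRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptOnReceipt (server side): fresh random AES key per message, wrapped with RSA-OAEP.
func EncryptOnReceipt(pub *rsa.PublicKey, plaintext []byte) (*Stored, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Stored{wrapped, nonce, gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// DecryptAsRecipient runs where the private key lives, never on the server.
func DecryptAsRecipient(priv *rsa.PrivateKey, s *Stored) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, s.Nonce, s.Ciphertext, nil)
}

func main() {
	priv, _ := NewRecipientKey()
	s, _ := EncryptOnReceipt(&priv.PublicKey, []byte("constructed sample mail body"))
	pt, err := DecryptAsRecipient(priv, s)
	fmt.Printf("server stores %d bytes; recipient reads %q (err=%v)\n", len(s.Ciphertext), pt, err)
}
```

The server still handles the plaintext and the symmetric key in memory at the moment of receipt, so the scheme protects what is stored afterwards rather than what the server sees on arrival.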
Figure 6 is another schematic structural diagram of the information encryption equipment of the embodiment of the present invention.
In this embodiment, the information encryption equipment 600 comprises, in addition to the receiving unit 401, the encryption unit 402 and the storage unit 403:
Symmetric key sending unit 601, for sending the symmetric key to the information recipient over an encrypted channel, so that the information recipient decrypts the encrypted information with the symmetric key.
This embodiment can likewise effectively ensure the security of the information encryption key.
The information encryption equipment of the embodiment of the present invention can serve as the server in different application environments, encrypting the plaintext information stored at the receiving end in order to ensure the security of the information.
For example, the information encryption equipment can serve as a mail server, in which case the information is mail. Correspondingly, the equipment may further comprise:
Information sending unit, for sending the plaintext information to the addressee's mail server;
First judging unit, for determining, before the encryption unit encrypts the plaintext information, whether the addressee of the mail is a user of this mail server; if so, notifying the encryption unit to perform the operation of encrypting the plaintext information; if not, notifying the information sending unit to perform the operation of sending the plaintext information to the addressee's mail server.
Correspondingly, the storage unit is specifically for saving the encrypted mail in the recipient's mailbox on the mail server.
As another example, the information encryption equipment can serve as an instant messaging server, in which case the information is instant messaging information. Correspondingly, the equipment may further comprise:
Second judging unit, for determining, before the plaintext information is encrypted, whether the instant messaging information needs to be saved on the storage server associated with this instant messaging server; if so, notifying the encryption unit to perform the operation of encrypting the plaintext information.
Correspondingly, the storage unit is specifically for saving the encrypted instant messaging information in the chat record of the corresponding recipient or sender on the instant messaging server.
As another example, the information encryption equipment can serve as a network storage server, in which case the information is the information that the user needs to keep in network storage space.
Other applications are of course possible and are not enumerated here.
For the specific working process of the information encryption equipment in the various environments, refer to the description in the preceding embodiments; it is not repeated here.
Applied in the different environments above, the information encryption equipment ensures the security of information while it is stored at the receiving end and avoids the two-party problem of conventional encryption methods, thereby solving the difficulty of popularizing traditional source-side encryption while also protecting the security of information stored by current Webmail-like services.
The above are only preferred embodiments of the present invention, and the present invention is not limited to them; any change that a person skilled in the art could conceive without creative effort, and any improvement or modification made without departing from the principles of the present invention, shall fall within the scope of protection of the present invention.

Claims (8)

1. An information encryption method, characterized by comprising:
a receiving end receiving plaintext information, the receiving end being a server; encrypting the plaintext information using a symmetric key mechanism;
saving the encrypted information at the receiving end;
the receiving end encrypting, by an asymmetric key mechanism using the information recipient's public key, the symmetric key used in the symmetric key mechanism, and saving the encrypted symmetric key information at the receiving end, so that the information recipient decrypts the encrypted symmetric key with the private key that the recipient holds, obtains the symmetric key, and decrypts the encrypted information with the symmetric key;
or the receiving end sending the symmetric key to the information recipient over an encrypted channel, so that the information recipient decrypts the encrypted information with the symmetric key.
2. the method for claim 1, is characterized in that, described receiving terminal is mail server, and described information is mail;
Described method also comprises:
Before described cleartext information is encrypted, judge that whether the addressee of described mail is the user of this mail server; If so, then the described operation that cleartext information is encrypted is performed; If not, then described cleartext information is sent to the mail server of addressee;
Described information after encryption is saved in receiving terminal and comprises: the mail after encryption is saved in the recipient mailbox of described mail server.
3. the method for claim 1, is characterized in that, described receiving terminal is instant communication server, and described information is instant messaging information;
Described method also comprises:
Before described cleartext information is encrypted, judge that described instant messaging information is preserved the need of in the associated storage servers of described instant communication server; If so, then the described step that cleartext information is encrypted is performed;
Described information after encryption is saved in receiving terminal and comprises: the instant messaging information after encryption is saved in the chat record of the corresponding described recipient of described instant communication server or transmit leg.
4. the method for claim 1, is characterized in that, described receiving terminal is network storage server, and described information is the information that user needs to preserve in network storage space.
5. Information encryption equipment, characterized in that the information encryption equipment is a server, and the server comprises:
a receiving unit, for receiving plaintext information;
an encryption unit, for encrypting the plaintext information using a symmetric key mechanism, wherein the symmetric key is a random number or a symmetric key agreed between the recipient and the receiving end;
a storage unit, for saving the encrypted information at the receiving end, the receiving end being the server;
the server further comprises a key encryption unit or a symmetric key sending unit;
the key encryption unit being for encrypting, by an asymmetric key mechanism using the information recipient's public key, the symmetric key used in the symmetric key mechanism, and saving the encrypted symmetric key information at the receiving end, so that the information recipient decrypts the encrypted symmetric key with the private key that the recipient holds, obtains the symmetric key, and decrypts the encrypted information with the symmetric key, the asymmetric key mechanism comprising the RSA algorithm or an identity-based encryption algorithm;
the symmetric key sending unit being for sending the symmetric key to the information recipient over an encrypted channel, so that the information recipient decrypts the encrypted information with the symmetric key.
6. The equipment of claim 5, characterized in that the equipment is a mail server and the information is mail;
the equipment further comprises:
an information sending unit, for sending the plaintext information to the addressee's mail server;
a first judging unit, for determining, before the encryption unit encrypts the plaintext information, whether the addressee of the mail is a user of this mail server; if so, notifying the encryption unit to perform the operation of encrypting the plaintext information; if not, notifying the information sending unit to perform the operation of sending the plaintext information to the addressee's mail server;
the storage unit being specifically for saving the encrypted mail in the recipient's mailbox on the mail server.
7. The equipment of claim 5, characterized in that the equipment is an instant messaging server and the information is instant messaging information;
the equipment further comprises:
a second judging unit, for determining, before the plaintext information is encrypted, whether the instant messaging information needs to be saved on the instant messaging server; if so, notifying the encryption unit to perform the operation of encrypting the plaintext information;
the storage unit being specifically for saving the encrypted instant messaging information in the chat record of the corresponding recipient or sender on the instant messaging server.
8. The equipment of claim 5, characterized in that the equipment is a network storage server and the information is the information that the user needs to keep in network storage space.
CN201010185754.0A 2010-05-28 2010-05-28 Information encryption method and equipment thereof Expired - Fee Related CN102263637B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010185754.0A CN102263637B (en) 2010-05-28 2010-05-28 Information encryption method and equipment thereof

Publications (2)

Publication Number Publication Date
CN102263637A CN102263637A (en) 2011-11-30
CN102263637B true CN102263637B (en) 2015-03-11

Family

ID=45010111

Country Status (1)

Country Link
CN (1) CN102263637B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150311

Termination date: 20160528